Start WatchGuard System Manager and connect to your Firebox or XTM device.

Start Firebox System Manager.

Click the Status Report tab.

Click Support, located at the bottom-right corner of the window.

Click Browse to select the path on your computer where you want to save the support file. Click Retrieve. Wait while your support file is downloaded from the Firebox. This can take up to 20-30 seconds. A dialog box appears to tell you when the download is complete. By default, the support file has a name like 192.168.111.1_support.tgz.

Unzip the support file to a location on your computer that you have easy access to.

Unzip the Fireware_XTM_support.tgz file contained within the original file to the same location.

Needed software on Ubuntu

You will need to install a number of packages to connect from Ubuntu (this assumes the desktop version; things are likely different for the server version).

openvpn (Likely already installed)

sudo apt-get install openvpn

network-manager OpenVPN plugin

sudo apt-get install network-manager-openvpn

Network Manager OpenVPN plugin for Gnome (needed as of Ubuntu 12.04)

sudo apt-get install network-manager-openvpn-gnome

Testing from the command line

You can test if the connection is working from the command line. You don't have to do this but it may make things easier.

From the directory you copied the config/crt files:

sudo openvpn --config client.ovpn

Setting up network manager

The network manager is the icon in the panel bar at the top (currently the up/down arrows). You will need a number of lines out of the client.ovpn file so open it in an editor for reference.

I also needed to check "Use this connection only for resources on its network" under the IPv4 Settings tab under the "Routes..." button.

There may be more needed to set things up depending on how the Firebox SSL is set up, but hopefully this will help as a starting point. Also, you may want to watch the syslog if you have problems (tail -fn0 /var/log/syslog).

Holy mother of.. that's a pretty impressive answer for a new user. Welcome to the site!
– pauska Jan 3 '12 at 1:20

This works on Ubuntu 13.04. After "Step 3- Add" choose "Import a saved VPN Configuration" from the dropdown and point it to client.ovpn. This fills in all the fields automatically.
– Pete Jul 22 '13 at 4:00

Software requirements

sudo apt-get install network-manager-openvpn-gnome

or for the minimalist:

sudo apt-get install openvpn

Get the certificates & config

For WatchGuard XTM devices running 11.8+

It appears that the https://yourrouter.tld/sslvpn.html page that is used to pick up the Windows client now also includes a generic ovpn configuration download, saving the steps in the workaround. Simply log in and go to that directory to get your configuration file. Congratulations on being equal with your Windows and Mac buddies.

Skip down to the "Create New VPN Connection" step.

For WatchGuard XTM devices running 11.7 or less

These can be retrieved directly from the firewall (replace server with your own):

Go to https://watchguard_server and authenticate to the firewall.

Go to https://watchguard_server:4100/?action=sslvpn_download&filename=client.wgssl

Alternately (I believe this is less secure because the password is sent in the request) (replace server, user and pass with your own):

Move client.wgssl to where you want to store the config and certs, perhaps /etc/openvpn. This will tar bomb you, so you'll want to create the folder for it to extract into.

Run tar zxvf client.wgssl

Create new VPN connection

Open Network Connections and Add new. For type, under VPN, select "Import a saved VPN configuration..." Browse for the client.ovpn file in the folder you extracted client.wgssl.

Add credentials

Edit the newly created connection to include your username and password, or set password to "Always Ask".

Warning: The password is saved in an encryption that can be reversed.

Adjust networking

If you don't want the VPN to take over all your traffic, just the traffic going to the remote location, go to the IPv4 Settings tab -> Routes and check "Use this connection only for resources on its network".

YMMV Warning: It looks like my 2-step method for getting the config may not work as well on older versions of the XTM firmware. My first visit to port 4100 made me authenticate again, but pasting the same link a second time after authenticating on port 4100 worked.
– flickerfly Oct 4 '13 at 19:37
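The answer above warns that client.wgssl is a tar bomb. As an added example that is not part of the original answers, this script checks the archive's member list before unpacking it into a dedicated, owner-only directory. It assumes GNU tar; the function names, script name and target path are chosen for this example.

```sh
#!/bin/sh
# Added example, not from the original answers. Assumes GNU tar.
# check_members and extract_bundle are names chosen for this example.

# Succeeds only if every member stays inside the target directory and is a
# plain file or directory.
check_members() {
    names=$(tar -tzf "$1") || return 2   # not a readable gzip'd tar
    printf '%s\n' "$names" | (
        while IFS= read -r name; do
            case "$name" in
                /*|..|../*|*/..|*/../*)
                    echo "unsafe member path: $name" >&2
                    exit 1 ;;            # leaves the subshell only
            esac
        done
    ) || return 1
    # First character of each "tar -tv" line is the member type. A VPN
    # bundle has no reason to carry symlinks, hard links or device nodes.
    if tar -tvzf "$1" | grep -qv '^[-d]'; then
        echo "archive contains a non-regular member" >&2
        return 1
    fi
}

# extract_bundle ARCHIVE DEST: unpack into a dedicated owner-only directory,
# so the bundle's top-level files cannot scatter into the current directory.
extract_bundle() {
    check_members "$1" || return 1
    (
        umask 077                        # new files: no group/other access
        mkdir -p "$2" && chmod 700 "$2" &&
        tar -xzf "$1" -C "$2" --no-same-owner --no-same-permissions
    )
}

# Usage (hypothetical names): sh extract_wgssl.sh client.wgssl "$HOME/vpn/watchguard"
if [ "$#" -eq 2 ]; then
    extract_bundle "$1" "$2"
fi
```

Point Network Manager's import dialog, or `openvpn --config`, at the client.ovpn inside the directory the script created.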

Welcome to Server Fault! Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.
– Scott Pack Nov 18 '12 at 5:01